Fatores influenciadores da implementa??o de a??es de gest?o de seguran?a da informa??o :um estudo com executivos e gerentes de tecnologia da informa??o das empresas do Rio Grande do Norte / Factors influencing the implementation of information security managemente: an exploratory and empirical study of Executives and Chief Information Officers?perceptions

Gabbay, Max Simon

19 May 2006

Made available in DSpace on 2014-12-17T14:52:56Z (GMT). No. of bitstreams: 1 Max Simon Gabbay.pdf: 1162582 bytes, checksum: 103ee5138ddeedcf7fa95d62fb665096 (MD5) Previous issue date: 2006-05-19 / Information is one of the most valuable organization s assets, mainly on a global and highly competitive world. On this scenery there are two antagonists forces: on one side, organizations struggle for keeping protected its information, specially those considered as strategic, on the other side, the invaders, leaded by innumerous reasons - such as hobby, challenge or one single protest with the intention of capturing and corrupting the information of other organizations. This thesis presents the descriptive results of one research that had as its main objective to identify which variables influence the Executives? and CIOs? perceptions toward Information Security. In addition, the research also identified the profile of Rio Grande do Norte s organizations and its Executives/CIOs concerning Information Security, computed the level of agreement of the respondents according to NBR ISO/IEC 17799 (Information technology Code of practice for information security management) on its dimension Access Control. The research was based on a model, which took into account the following variables: origin of the organization s capital, sector of production, number of PCs networked, number of employees with rights to network, number of attacks suffered by the organizations, respondent?s positions, education level, literacy on Information Technology and specific training on network. In the goal?s point of view, the research was classified as exploratory and descriptive, and, in relation of the approach, quantitative. One questionnaire was applied on 33 Executives and CIOs of the 50 Rio Grande do Norte s organizations that collected the highest taxes of ICMS - Imposto sobre Circula??o de Mercadorias on 2000. After the data collecting, cluster analysis and chi-square statistical tools were used for data analysis. The research made clear that the Executives and CIOs of Rio Grande do Norte s organizations have low level of agreement concerning the rules of the NBR ISO/IEC 17799. It also made evident that the Executives and CIOs have its perception toward Information Security influenced by the number of PCs networked and by the number of attacks suffered by the organizations / A informa??o ? um dos mais valiosos ativos das empresas, notadamente num mundo globalizado e altamente competitivo. Neste cen?rio, percebe-se a exist?ncia de duas for?as antag?nicas: de um lado encontram-se as empresas que lutam para manter protegidas suas informa??es, em especial as consideradas como estrat?gicas, e de outro, invasores, que, movidos por diversos fatores lazer, desafios ou um simples protesto - objetivam captar e adulterar as informa??es de outras entidades. Esta disserta??o apresenta os resultados descritivos de uma pesquisa que teve por objetivo identificar quais fatores influenciam os Executivos e Gerentes de Tecnologia da Informa??o nas suas percep??es em rela??o ? Seguran?a de informa??o. Adicionalmente, o trabalho levantou o perfil das empresas e dos Executivos e Gerentes de TI do Rio Grande do Norte em rela??o ? Seguran?a da informa??o e aferiu o n?vel de concord?ncia dos respondentes em rela??o ?s diretrizes da Norma NBR ISO/IEC 17799 (Tecnologia da informa??o C?digo de pr?tica para a gest?o da seguran?a da informa??o) na sua dimens?o Controle de Acesso. O estudo foi desenvolvido em cima de um modelo criado para esta pesquisa, o qual contemplava as seguintes vari?veis: origem do capital da empresa, setor de produ??o, tamanho do parque de inform?tica instalado, n?mero de empregados que acessam a rede, freq??ncia dos ataques sofridos, cargo do respondente, idade, n?vel de escolaridade, conhecimento geral de inform?tica e treinamentos espec?ficos em rede. Do ponto de vista de seus objetivos, a pesquisa foi explorat?ria e descritiva, e, em rela??o ? forma de abordagem, quantiativa. Foi aplicado um formul?rio junto a 33 Executivos e 33 Gerentes de TI dentre as 50 empresas do Rio Grande do Norte que apresentaram no ano de 2000 os maiores volumes de arrecada??o de ICMS - Imposto sobre Circula??o de Mercadorias. Ap?s a fase de coleta e tabula??o dos dados, foram utilizadas as ferramentas estat?sticas de An?lise de Conglomerados e qui-quadrado para a an?lise dos dados. A pesquisa sugere que os Executivos e Gerentes de TI das empresas do Rio Grande do Norte possuem baixo n?vel de concord?ncia em rela??o a Norma NBR ISO/IEC 17799. A pesquisa tamb?m evidenciou que os respondentes t?m sua percep??o em rela??o ? Seguran?a da informa??o influenciada pelo tamanho do parque instalado e pelo n?mero de ataques sofridos pela empresa

Tecnologia da informa??o

Seguran?a da informa??o

Norma ISO/IEC

Gest?o da informa??o

Information technology

Information security

NBR ISO/IEC 17799

information management

Publikace Základního profilu normy ISO/IEC 29110 v Eclipse Process Framework Composer / Publication Basic profile of ISO/IEC 29110 standard in Eclipse Process Framework Composer

Dlugošová, Simona

January 2013

This diploma thesis focus on matters of improving the software processes in very small enterprises sector. Its main goal is to provide the instruction for implementation of systematic processes and operations in project management and software implementation sphere to that type of company in Czech Republic. It is accomplished by the publication Basic profile of the ISO/IEC 29110 standard translated to Czech. The creation of this publication has been done in open source tool for control of methodical content Eclipse Process Framework Composer. Published profile is simultaneously referencing itself to other manuals, methods and documents created for simplification of its use. The main acquisition of this diploma thesis consists in the manual presentation for improving of the software processes which is available, understandable and also matching with specific needs of very small enterprises. By the application of Basic profile for the ISO/IEC 29110 standard can they prove their processes and in the same time receive the certification ISO/IEC 29110 and increase its competitiveness and role in the market. The thesis is structured in four thematic parts. The first concerns itself on improving of software processes, matters of using the standards and methods and initiatives ensued for its support in very small enterprises. In the other two parts is the ISO/IEC 29110 standard presented and all elements and processes of the published profile are described in detail. The final part contains description of the creation of publication Basic profile ISO/IEC 29110 in Eclipse Process Framework Composer tool.